Since WordPress 3.5 this option (XML-RPC)
is enabled by default, and the ability to turn it off from WordPress dashboard is gone.
Add this code snippet for use in functions.php:
1 2 3 4 5 6 7 8 9 10 | // Disable use XML-RPC add_filter( 'xmlrpc_enabled', '__return_false' ); // Disable X-Pingback to header add_filter( 'wp_headers', 'disable_x_pingback' ); function disable_x_pingback( $headers ) { unset( $headers['X-Pingback'] ); return $headers; } |
Although it does what it says, it can get intensive when a site is under attack by hitting it.
1 2 3 4 5 | # Block WordPress xmlrpc.php requests <Files xmlrpc.php> order allow,deny deny from all </Files> |
If you like this question & answer and want to contribute, then write your question & answer and email to freewebmentor[@]gmail.com. Your question and answer will appear on FreeWebMentor.com and help other developers.